Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:120705 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 14142 invoked from network); 28 Jun 2023 00:45:41 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 28 Jun 2023 00:45:41 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id B6F8D1804B3 for ; Tue, 27 Jun 2023 17:45:40 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2 X-Spam-ASN: AS19151 66.111.4.0/24 X-Spam-Virus: No X-Envelope-From: Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Tue, 27 Jun 2023 17:45:40 -0700 (PDT) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id A84C55C017E for ; Tue, 27 Jun 2023 20:45:38 -0400 (EDT) Received: from imap50 ([10.202.2.100]) by compute4.internal (MEProxy); Tue, 27 Jun 2023 20:45:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= garfieldtech.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm2; t=1687913138; x=1687999538; bh=5Xp9ikAEQI 0PnDR2KlJA9eW/ukw/hwasg3jsg2kvbO4=; b=hNSg2BzLNy0Vra1RHrHvhtOJwJ 1BMvmTUdBfZjsYEKtTT7S79tYeQSXUYRRMMBHwbVVY89Ui7QRGBCQtxfZeugzvUy 2WFePPe+T7c69+BP+scY4hcUzAboxyBxGlm+aSk7X1pqn5hs0o7OyxTOCyK0r+4T YG+mPXWEgqPfHQ1XldTXH50rlmm5yoXdzvWPLg6iI5Hf6XtSG3xzfMjduchrQ9A/ ZHRmoBC7Obe3A8C0MQ4znBg3vRp6nRiSOYgGs+Ao8TrgNmhO2CLM4snEUgCz63mO MxY502R+G1kL7zpS9g0sh56gefC5sKa1G7SeJx8k5Tva49KcvChv6g792mjA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1687913138; x= 1687999538; bh=5Xp9ikAEQI0PnDR2KlJA9eW/ukw/hwasg3jsg2kvbO4=; b=P rpASVtG4x56CCGE7mMB6+ru+W3KkqnqYD4XgSOG8aXQygXm5UJviLsxVgQGwaICr QLLU7ipaRONINUoA+5yq1f83QY2Z9ICT3lPjcnsYTTXpNLizoP/sQlkYuddmyfcz ToHWAL5gcEmYwdtNyMsgah4/YEc9w2CrWgNZtNV5GO3pOAnbkKwYT+IPlqEOD3te JAi+gkOX2LJodzN+BPQT+TiWSjvrYXU+PX3/qdsyVsxL3WQPauQUTwoyoG89RS/N lAQEpR4YRNUGO4NIT2jRWYg4NQ8LUWmgAiq0swqmhQINvW57VhCYzMPw4K/BVSo1 wnFmxu4Vwp0c/kDUl5tEg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrtddugdeflecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtgfesthhqredtreerjeenucfhrhhomhepfdfnrghr rhihucfirghrfhhivghlugdfuceolhgrrhhrhiesghgrrhhfihgvlhguthgvtghhrdgtoh hmqeenucggtffrrghtthgvrhhnpeelieeuhfekgedvueegudfftdelhffffedvjefhudev veefteeggeetleevfeelveenucffohhmrghinhephhhtthhpmhgvthhhohgurdhinhenuc evlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlrghrrhih sehgrghrfhhivghlughtvggthhdrtghomh X-ME-Proxy: Feedback-ID: i8414410d:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id 611F51700089; Tue, 27 Jun 2023 20:45:38 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-499-gf27bbf33e2-fm-20230619.001-gf27bbf33 Mime-Version: 1.0 Message-ID: <06cefa3c-a314-415a-9f69-619ddc24b72d@app.fastmail.com> In-Reply-To: <8FB3E9E9-7240-45BE-B060-C4ACCEDFDC50@koalephant.com> References: <15D6E65D-97E3-4F82-8C8A-B8C1FB22D972@benramsey.com> <8FB3E9E9-7240-45BE-B060-C4ACCEDFDC50@koalephant.com> Date: Tue, 27 Jun 2023 19:45:17 -0500 To: "php internals" Content-Type: text/plain;charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] RFC1867 (multipart/form-data) PUT requests From: larry@garfieldtech.com ("Larry Garfield") On Tue, Jun 27, 2023, at 3:26 PM, Stephen Reay wrote: >> On 28 Jun 2023, at 02:53, Ben Ramsey wrote: >>=20 >>> On Jun 27, 2023, at 04:01, Ilija Tovilo wro= te: >>>=20 >>> Hi Ben, Hi Rowan >>>=20 >>> On Mon, Jun 26, 2023 at 8:55=E2=80=AFPM Ben Ramsey wrote: >>>>=20 >>>>> On Jun 20, 2023, at 06:06, Rowan Tommins = wrote: >>>>>=20 >>>>> On Tue, 20 Jun 2023 at 10:25, Ilija Tovilo wrote: >>>>>=20 >>>>>> Introduce a new function (currently named populate_post_data()) to >>>>>> read the input stream and populate the $_POST and $_FILES >>>>>> superglobals. >>>>>=20 >>>>> How about "request_form_populate_globals"? >>>=20 >>> The word "form" seems a bit out of place (even though it appears in >>> both multipart/form-data and application/x-www-form-urlencoded), >>> because this function is mainly targeted at PUT/PATCH requests for >>> REST APIs. Maybe request_body_populate_globals? >>>=20 >>>> Another option for the name: `populate_multipart_form_data()`. >>>=20 >>> I avoided the term "multipart" because the function technically also >>> works for application/x-www-form-urlencoded requests. It's less >>> necessary for the reasons outlined in my previous email, but it would >>> allow for consistent handling of such requests for all HTTP methods. >>>=20 >>> Some people on GitHub voiced that they would prefer an INI setting. >>> Therefore I will create an RFC accordingly. >>=20 >>=20 >> I know this issue comes up enough because it=E2=80=99s confusing to d= evelopers that there=E2=80=99s not a `$_PUT`, etc., but I=E2=80=99m not = a fan of introducing something new that populates globals. >>=20 >> While I=E2=80=99ve never used `application/x-www-form-urlencoded` dat= a for `PUT` requests (because I don=E2=80=99t think it=E2=80=99s a prope= r content-type for the semantics of `PUT`), I do see how this content-ty= pe could be used with `PATCH`, and I also don=E2=80=99t want to rule-out= use cases of it for `PUT` or any other HTTP method. >>=20 >> In the past, I=E2=80=99ve used something like the following to solve = this: >>=20 >> parse_str(file_get_contents('php://input'), $data); >>=20 >> I haven=E2=80=99t looked up how any of the frameworks solve this, but= I would be willing to bet they also do something similar. >>=20 >> Rather than implementing functionality to populate globals, would you= be interested in introducing some new HTTP request functions. Something= like: >>=20 >> http_request_body(): string >> http_parse_query(string $queryString): array >>=20 >> `http_request_body()` would return the raw body and would be the equi= valent of calling `file_get_contents('php://input')`. Of special note is= that it should _always_ return the raw body, even if `$_POST` is popula= ted, for the sake of consistency and reducing confusion. >>=20 >> `http_parse_query()` would be the opposite of `http_build_query()` an= d would return a value instead of requiring a reference parameter, like = `parse_str()`. >>=20 >> While these don=E2=80=99t address the confusion users face by not hav= ing a `$_PUT` superglobal, I=E2=80=99d prefer not to overload the superg= lobals. Maybe we can update the documentation to encourage use of these = new functions instead of the superglobals? >>=20 >> We also might want to introduce something like `http_query_string(): = string` that always returns the raw query string, instead of requiring u= se of the superglobal `$_SERVER['QUERY_STRING']`. >>=20 >> Cheers, >> Ben > > > As a userland/library developer I *much* prefer this approach, but=20 > *please* also include `http_uploads()` (name/signature TBD), returning=20 > an array of file uploads using a structure akin to what $_POST (or=20 > http_parse_query) gives, based on the field name, rather than the=20 > current scenario where the presence of square brackets radically=20 > changes the structure of the $_FILES array. > > My initial thought was that perhaps the leaf entities in said array=20 > could be a subclass of SplFileInfo referencing the uploaded temporary=20 > file, with additional read-only properties for the extra upload-relate= d=20 > attributes - but really the important thing is just having a sane,=20 > consistent structure. Having an object rather than an array with=20 > constant keys would be a nice addition, but is much less important. > > > > Cheers > > Stephen I also like Ben's suggestion. It avoids adding more magic globals, but = also is still simple and straightforward to use in an easily composable = fashion. Based on the Content-Type header of the request, it would allo= w for: $formData =3D http_parse_query(http_request_body()); $jsonData =3D json_decode(http_request_body()); ... Whatever other body parsers. While you should probably not call it exactly like that, it means "take = body string, pass to mime-appropriate body parser" is an easy pattern, a= nd one that can also be easily mocked for testing. --Larry Garfield